About sFlow in Netvisor ONE

As defined by the sFlow Version 5 reference document, Netvisor ONE supports sFlow’s two main embedded components: a native Agent with packet sampling and the export function to the Collector(s).

As displayed in Figure 16-1, the sFlow Agent runs on Netvisor ONE switches, extracts data plane traffic using hardware-assisted sampling, and sends the sampled packets using a special format to the sFlow Collector for further processing.

Figure 16-1 - Network Topology with Switch-based sFlow Agents and Collector Device

Packet Sampling: Packet sampling refers to the random selection of a fraction of the packets observed by the switch where the Agent is running. Since sampled packets correspond to various traffic flows, this function randomly samples traffic flows; hence, it is also referred to as packet flow sampling.

If the Agent is enabled, Netvisor ONE provides two configuration options for the sampling function:

  • Sampling Rate: the sampling rate specifies the ratio of the packets observed by the hardware to the samples generated. For example, a sampling rate of 100 specifies that, on average, 1 sample will be generated for every 100 packets observed. The packets are sampled by the hardware and passed to the software which adds the sFlow encapsulation header and sends them to the Collector. You can configure the sampling rate using the sample-rate command option.
  • Counter Polling Interval: the counter polling interval is the maximum number of seconds between successive samples of the counters associated with the data source. You can configure it using the counter-polling-interval command option. On expiry of the timer, Netvisor ONE collects the traffic statistics from the hardware and constructs an sFlow datagram to send to the Collector. The Counter Polling process results in the generation of Counter Records. When available, the sFlow Agent collects both Counter Records and Packet Flow Records and exports them within sFlow datagrams.

sFlow can sample different types of frames such as:

  • Frames sent to the control plane (CPU)
  • Frames forwarded through switch interfaces
  • Packets using IP options
  • Frames resulting in MTU violations
  • Flooded packets
  • Multicast packets

On the other hand, the following types of frames cannot be sampled by sFlow:

  • Control plane frames such as LLDP/LACP/STP PDUs
  • PAUSE frames
  • PIM hello packets
  • CRC-errored frames
  • Packets dropped by ACLs
  • Packets dropped due to VLAN violations (i.e., received with unconfigured VLANs on a port)

Netvisor ONE switches support sFlow at the port level with two types of samplers:

  1. Ingress sFlow sampler
  2. Egress sFlow sampler

You can configure either sampler type, or both at the same time, to implement unidirectional or bidirectional packet sampling. 

sFlow datagrams are sent to an sFlow Collector using the UDP protocol. The official UDP port number for sFlow is 6343. Each datagram provides information about the sFlow version, the originating device’s IP address, a sequence number, the number of samples it contains and one or more flow and/or counter samples.
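A collector-side check of the header fields listed above, as an added example that is not Netvisor ONE or collector product code. The field layout follows the sFlow Version 5 specification; the function names and the 192.0.2.10 agent address are constructed for illustration.

```python
import ipaddress
import struct

KINDS = {1: "flow", 2: "counter", 3: "flow", 4: "counter"}  # 3 and 4 are the expanded forms

def parse_datagram(data: bytes) -> dict:
    """Validate an sFlow v5 datagram header and count its sample records."""
    if len(data) < 8:
        raise ValueError("truncated datagram")
    version, addr_type = struct.unpack_from("!II", data, 0)
    if version != 5:
        raise ValueError(f"unsupported sFlow version {version}")
    addr_len = {1: 4, 2: 16}.get(addr_type)  # 1 = IPv4 agent, 2 = IPv6 agent
    if addr_len is None or len(data) < 8 + addr_len + 16:
        raise ValueError("bad agent address or truncated header")
    agent = ipaddress.ip_address(data[8:8 + addr_len])
    off = 8 + addr_len
    sub_agent, seq, uptime_ms, n_samples = struct.unpack_from("!IIII", data, off)
    off += 16
    counts = {"flow": 0, "counter": 0, "other": 0}
    for _ in range(n_samples):
        # Each record is a 32-bit tag (enterprise << 12 | format) plus a length.
        if len(data) < off + 8:
            raise ValueError("sample header runs past end of datagram")
        tag, length = struct.unpack_from("!II", data, off)
        off += 8 + length
        if off > len(data):
            raise ValueError("sample body runs past end of datagram")
        kind = KINDS.get(tag & 0xFFF, "other") if tag >> 12 == 0 else "other"
        counts[kind] += 1
    return {"agent": str(agent), "sequence": seq, "samples": counts}

def missed_datagrams(last_seq: int, seq: int) -> int:
    """Datagrams lost between two sequence numbers from one agent (32-bit wrap)."""
    return (seq - last_seq - 1) & 0xFFFFFFFF

def build_constructed_datagram(seq: int) -> bytes:
    """Constructed test input: one flow and one counter record with dummy bodies."""
    header = struct.pack("!II4sIIII", 5, 1, ipaddress.ip_address("192.0.2.10").packed,
                         0, seq, 120000, 2)
    flow = struct.pack("!II", 1, 8) + b"\x00" * 8
    counter = struct.pack("!II", 2, 4) + b"\x00" * 4
    return header + flow + counter

if __name__ == "__main__":
    first = parse_datagram(build_constructed_datagram(7))
    later = parse_datagram(build_constructed_datagram(10))
    print(first, "missed:", missed_datagrams(first["sequence"], later["sequence"]))
```

Because sFlow datagrams arrive over UDP without authentication, the length checks reject a datagram whose declared sample count or record length exceeds the bytes actually received.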

If the configured sFlow Collector is unreachable due to any connectivity issue, the sFlow Agent tries to resend the sFlow datagrams every 60 seconds. During this time, the datagrams are recorded as sFlow drop packets.

sFlow datagrams could get dropped when:

  • The sFlow port is invalid
  • The sFlow Agent fails to match the sample port
  • There is a network connectivity issue
  • The sFlow datagrams are malformed or oversized 
  • The sFlow datagrams use IPv6
  • There is traffic congestion with queue drops

You can use the sflow-show command to display the datagram drop counts.

To enable sFlow on a switch, you should configure the following functions (as described later in this document) in this order:

  1. Configuring the Export Function to the sFlow Collector
  2. Configuring the sFlow Agents in the Network